IFAD Policy on Enterprise Risk Management



Similar documents
UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

WFP ENTERPRISE RISK MANAGEMENT POLICY

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Confident in our Future, Risk Management Policy Statement and Strategy

Introduction to Enterprise Risk Management at UVM DRAFT

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT FRAMEWORK OKHAHLAMBA LOCAL MUNICIPALITYITY

ENTERPRISE RISK MANAGEMENT POLICY

Enterprise Risk Management Framework Strengthening our commitment to risk management

Successfully identifying, assessing and managing risks for stakeholders

ENTERPRISE RISK MANAGEMENT POLICY

P3M3 Portfolio Management Self-Assessment

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

ENTERPRISE RISK MANAGEMENT FRAMEWORK

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

Application of King III Corporate Governance Principles

Aegon Global Compliance

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

Application of King III Corporate Governance Principles

Developing an Effective Enterprise Risk Management Program

Risk Management Strategy EEA & Norway Grants Adopted by the Financial Mechanism Committee on 27 February 2013.

Fraud Risk Management

Enterprise Risk Management

COMPLIANCE CHARTER 1

MISSION VALUES. The guide has been printed by:

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

Integrated Risk Management:

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202)

A Risk-Based Audit Strategy November 2006 Internal Audit Department

Policy : Enterprise Risk Management Policy

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT

APPENDIX 50. Enterprise risk management - Risk management overview

Internal Auditing Guidelines

IFAD Policy on the Disclosure of Documents (2010)

Internal Audit Standards

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

Enterprise Risk Management: Taking the First Steps

Corporate risk register

Guide to Internal Control Over Financial Reporting

Matthew E. Breecher Breecher & Company PC November 12, 2008

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

How To Be Accountable To The Health Department

SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY

Risk Management Plan

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

Commonwealth Risk Management Policy

Strategic Risk Management for School Board Trustees

Policy and Procedure Statement

The Risk Management strategy sets out the framework that the Council has established.

Fraud Prevention and Deterrence

Business Continuity Management Framework

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL

1. This bulletin, which contains the Charter of the Office of Internal Oversight Services (IOS) of

Effective Internal Audit in the Financial Services Sector

Enterprise Risk Management in Colleges and Universities

Enterprise Risk Management: COSO, New COSO, ISO Review of ERM

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Implementing an Integrated City-wide Risk Management Framework

RISK MANAGEMENT STRATEGY AND FRAMEWORK

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Charter of the Compliance and Operational Risk Management Office (CORMO)

Risk Assessment & Enterprise Risk Management

A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000

Standards for the Professional Practice of Internal Auditing

INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT NO. П4-01 П-01 REVISION1.00

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

Enterprise Risk Management

RISK MANAGEMENT POLICY

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Risk Management Policy Adopted by:

Programme Manager/Procurement Specialist. Suva. Capital Works Manager. As soon as possible. As follows

Enterprise risk management: A pragmatic, four-phase implementation plan

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

Module 6 Documenting Processes and Controls

Framework for Enterprise Risk Management

ERM Program. Enterprise Risk Management Guideline

Draft Corporate Governance Standard for Central Government Departments

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No June 2007

Effective risk management

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

GUIDANCE PAPER No. 2 ON CORPORATE GOVERNANCE IN INSURANCE COMPANIES

Managing Risk at Bank of America Corporation. Overview

Practice guide. quality assurance and IMProVeMeNt PrograM

Operational Risk Management in a Debt Management Office

Get More Out of Your Risk Assessment. Austin Chapter of the IIA

Risk management and the transition of projects to business as usual

RISK MANAGEMENT POLICY (Revised October 2015)

Transcription:

Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008 For: Review

EB /2008/94/R.4 Note to Executive Board Directors This document is submitted for review by the Executive Board. To make the best use of time available at Executive Board sessions, Directors are invited to contact the following focal point with any technical questions about this document before the session: Kanayo F. Nwanze Vice-President and Chair of the Enterprise Risk Management Committee telephone: +39 06 5459 2518 e-mail: k.nwanze@ifad.org Queries regarding the dispatch of documentation for this session should be addressed to: Deirdre McGrenra Governing Bodies Officer telephone: +39 06 5459 2374 e-mail: d.mcgrenra@ifad.org

Definitions and acronyms Enterprise risk management (ERM) ERM is a process, effected by an entity s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives (Committee of Sponsoring Organizations of the Treadway Commission, Enterprise Risk Management Integrated Framework, Executive Summary). Event An occurrence or incident, from external or internal sources, that affects the achievement of objectives. Events can have negative impact, positive impact, or both. Events with negative impact represent threats. Events with positive impact represent opportunities. Risk Risk is the uncertainty of an action s or an event s outcome, whether positive, negative or both, which may have an impact on the achievement of an entity s business objectives. Risk is measured in terms of likelihood (probability) and impact. When the management of risk goes well, it often remains unnoticed. When it fails, however, the consequences can be significant in operational, financial, human resources, reputational and strategic terms. Risk appetite The amount of risk that an entity is prepared to accept, tolerate or be exposed to at any point in time. Risk assessment The overall process of analysis and evaluation of a risk with regard to its impact and the likelihood of its being realized, and the selection of an appropriate risk response. Risk culture The set of shared attitudes, values and practices that characterize how an entity considers risks in its day-to-day activities. Risk profile/register A documented and prioritized assessment of the range of specific risks faced by an entity. Risk response The set of actions that may be taken in response to a risk, as follows: Transfer the risk: This may be done by asking a third party to take on the risk. Accept/tolerate the risk: The ability to take effective action against some risks may be limited, or the cost of taking action may be disproportionate to the potential benefit gained. In this instance, the only management action required is to monitor the risk to ensure that its likelihood or impact does not increase. If new management options arise, it may become appropriate to treat this risk in the future. i

Treat the risk: By far the greatest number of risks will be in this category. The purpose of treatment is not necessarily to terminate the risk, but, more likely, to set in motion a planned series of mitigation actions to contain the risk to an acceptable level. Terminate the underlying activity: This is a variation of the treat approach, and involves quick and decisive action to eliminate or avoid a risk altogether. The introduction of new technology may remove certain existing risks, although it will often result in a new set of risks to be addressed. Exploit the risk: Opportunities can be exploited in a positive manner. Risk treatment The selection of an appropriate method for dealing with risk. This will involve one or a combination of the five strategies defined above: transfer, accept/tolerate, treat, terminate and/or exploit. ii

IFAD Policy on Enterprise Risk Management I. Introduction and context 1. IFAD s operational environment and, consequently, its work are becoming more diverse, complex and uncertain. Overall, the sources of risks faced by IFAD are varied, and include programmatic, reputational, operational, legal, organizational, administrative, financial, technical and environmental factors. Risks are interrelated, and often cannot be fully and directly controlled by IFAD Management. The management of risks is therefore complex. 2. Uncertainty is inherent in many of the activities carried out by IFAD. The importance of risk management and the urgent need for it to become part of our day-to-day operations is increasingly apparent as the Fund embarks on major reforms and new processes, including those related to IFAD s Action Plan for Improving its Development Effectiveness. Many public and private organizations, including international financial institutions and certain United Nations agencies, have already adopted enterprise risk management, or are in the process of doing so, in order to improve their ability to achieve their objectives, particularly in the light of large-scale global crises. 3. Enterprise risk management increases the likelihood of achieving objectives, and promotes and develops an ethical and healthy corporate culture, together with other existing management and governance structures including related internal controls and procedures. Such structures and procedures provide reasonable (but not absolute) assurance that objectives are achieved and a consistent level of control is exercised in all services and activities. As an integral part of all decisionmaking processes, IFAD needs to be aware of the risks it faces, and the implications for human and financial resources, and have mitigation strategies in place. II. The policy 4. The IFAD Policy on Enterprise Risk Management (ERM) will guide ERM activities in IFAD, building on the Fund s previous and current work in the area of risk management, in accordance with the principles set out in section III. Many key elements of risk management and internal control practices have already been put into place at IFAD in recent years or are under development. Nonetheless, a more systematic and earlier management of issues that could affect the attainment of objectives will improve IFAD s ability to achieve its objectives and accomplish its mission. 5. This policy embeds a conscious, consistent and comprehensive approach to managing risks and opportunities throughout IFAD. This approach adds value to decision-making and is clearly linked to the prioritization and achievement of the Fund s objectives. It is not intended to eliminate risk completely, but rather to provide the structural means to identify, prioritize and manage the risks involved in the Fund s activities. It requires a balance between the cost of managing and treating risks and the anticipated benefits that will be derived, as described in section VI. 6. The policy establishes a formal, systematic and integrated approach to identifying, managing and monitoring risks in IFAD (described in section IV), and defines key roles and responsibilities for all stakeholders in ERM activities (section V). 7. The policy is not a stand-alone initiative, but is and will be integrated with and embedded in IFAD s corporate governance initiatives and existing management processes such as results-based strategic planning and internal control. 1

III. Principles of the policy 8. In implementing risk management, IFAD will adhere to the following principles: (a) (b) (c) Risk management is essential for strategic planning and good corporate governance, and integral to best management practice. By nature of its mandate, IFAD operates in high-risk environments, bearing in mind expected benefits and potential adverse consequences. Ownership of risk management rests with IFAD Senior Management, who will seek to: (i) (ii) (iii) (iv) (v) Proactively manage risks to the Fund s assets, including staff, financial and other resources, property, projects and programmes, reputation and interests, both internal and external; Set the Fund s risk appetite or tolerance for assuming risk; Take appropriate and timely measures to assess the likelihood and potential impact of risks, and the associated impact on the achievement of IFAD s objectives, balancing the cost of managing risks with the anticipated benefits that may derive (see below); Decide on and implement the appropriate risk response to an assessed risk or risks; and Monitor and assess the outcomes. IV. Implementing the policy 9. This policy envisages an ERM framework based largely on the underlying principles included in Enterprise Risk Management Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. 10. A detailed risk management framework will be established and other documents issued so as to institute common terminology, uniform processes and structures, roles and responsibilities, communications, education and training for all staff. This will be based on a number of existing and planned processes and systems, and linked to results-based management. 11. Existing processes and systems have been strengthened as a result of selfimprovement actions from Management, feedback from internal and external oversight mechanisms, occasional specialist reviews and the work of special purpose task forces. These inputs have served to identify and address control weaknesses and mitigate risk exposures. 12. Many ERM initiatives undertaken in recent years involve the implementation of more robust project and grant processes and procedures. These include quality enhancement and quality assurance of project and programme design through internal and external project review, for improved likelihood of achieving project objectives, outcomes and outputs. They also include improvements in project implementation support through specialized training enabling all staff directly involved in projects to put into practice the recently issued IFAD Policy on Supervision and Implementation Support, and related guidelines; more rigorous and direct follow-up of audit reports by regional divisions; and greater knowledge management through increased country presence. The newly approved Results Measurement Framework for reporting on progress achieved against the IFAD Strategic Framework 2007-2010 focuses on the quality of projects at entry, implementation and completion points, thereby contributing to IFAD s operational effectiveness through the measurement and reporting of operational results. 13. Other initiatives include the implementation of an integrated financial system; the establishment of a separate strategic planning and budgetary function, including 2

results-based budgeting; the definition of an asset liability management (ALM) framework to focus on identifying, understanding and managing financial risk; the establishment of the Oversight Committee; the revision of investigation and sanction processes; the adoption of the IFAD Policy on Preventing Fraud and Corruption in its Activities and Operations, and related procedures; the strengthening of internal audit, communications and policy functions; and the restructuring of IFAD s insurance coverage and security functions. The Investment and Finance Advisory Committee and the Investment, Finance and ALM Advisory Committee have been established, and the revised IT Governance Committee has resumed its activities. 14. Various operational, administrative and financial guidelines and procedures and legal instruments have been issued. These cover, among others, audits, procurement and direct supervision, results-based country strategic opportunities programmes, and country presence. 15. Risk management has been directly integrated into the strategic planning and budget processes by means of the Corporate Planning and Performance Management System and its reporting processes. A corporate risk register underpinned by processes for risk monitoring and escalation (i.e. making a risk a higher Management priority) has been established and is fully operational. In addition to the designation of a corporate risk champion, the newly established Enterprise Risk Management Committee is responsible for guiding the development of ERM in IFAD, coordinating its implementation, and reviewing and monitoring ERM processes and outputs on a regular basis. 16. The risk profile of IFAD and related risk management structures and processes will be developed, assessed, monitored and periodically reviewed by Senior Management. Risk tolerance levels will also be set by Senior Management and communicated to staff through appropriate tools. 17. When responding to a key risk, the Fund will aim to ensure that this risk does not materialize. To this end, Management will determine the most effective risk response, balancing the costs of risk management with the opportunity cost of not taking appropriate action. 18. Risks will primarily be monitored, assessed, and reported on, through the divisional, departmental and corporate risk registers. This procedure is already incorporated in the existing strategic planning processes and will be modified and updated in line with experience. Each risk identified in the risk register will have a corresponding risk owner who is responsible for actions to be taken to mitigate this risk. Ownership must sit at the appropriate level, with the person who can take effective action. In updating the risk register, risk owners will describe existing and additional activities to address or mitigate the risk. Separate reports may be submitted to Senior Management for unusual risks and events; these risks will subsequently be incorporated in the corporate risk register, if appropriate. 19. Reporting of data will be made at appropriate levels. This will include an annual report on ERM activities and their status to be presented to the Executive Board for information purposes in addition to periodic reporting by the Audit Committee on risk management matters (see paragraph 24). V. Roles and responsibilities 20. The policy applies to all staff, but there is a specific obligation for Senior Management and, indeed, all managers and heads of units to set the tone for effective risk management, as follows: 21. The Governing Council is IFAD s highest decision-making body consisting of IFAD s stakeholders and provides overall direction for IFAD. 3

22. The Executive Board gives specific direction to Management and approves strategies and corporate policies. It is a critical part of IFAD and significantly influences the Fund s internal environment. The Board provides guidance on managing risks in the context of governance and oversight of new policies, programmes and projects. 23. The Audit Committee monitors the efficiency and effectiveness of internal audit functions. It periodically conducts a review of IFAD s risks and risk management procedures, satisfying itself that the internal control and risk management systems established by Management effectively safeguard the Fund s assets and reporting to the Executive Board on the outcome of such reviews. 24. The Evaluation Committee assists the Executive Board in discharging its oversight responsibilities for IFAD s programmes and projects, including an assessment of their overall quality and impact. 25. The President of IFAD, assisted by the Vice-President and the Assistant Presidents, is accountable to the Board for the implementation of risk management processes. She or he is consequently responsible for implementing the ERM policy, including the establishment and maintenance of key controls and approval processes or all major business processes and functions. The President assumes ownership of ERM, providing leadership and direction to senior managers and setting the tone at the top. In particular, she or he is responsible for embedding risk management in corporate processes in such a way that risks are effectively managed across the Fund. The President is also responsible for systematically reviewing the underlying risks and assigning appropriate accountability. The Vice-President, as the corporate risk champion, works with other managers in establishing and maintaining effective risk management in their areas of responsibility, ensuring buy-in for ERM across the organization. 26. The Enterprise Risk Management Committee assists Senior Management in guiding the development of ERM in IFAD, coordinating its implementation, and reviewing and monitoring ERM processes and outputs on a regular basis. It assists in educating and training staff, and reviews the development and updating of the corporate risk profile, reporting to Senior Management periodically. 27. Management fosters a risk management culture and ensures appropriate implementation of policies and procedures, safeguarding the Fund s assets. It should take appropriate measures to manage risks consistently and proactively. 28. Internal auditors play an important role in the monitoring of ERM and the quality of performance as part of their regular duties. They do not, however, have primary responsibility for ERM implementation or maintenance. They assist management and the Executive Board/Audit Committee by monitoring, evaluating, examining and reporting on risk management processes and activities. 29. All staff contribute to and are responsible for risk management and internal control processes. In particular, they support the development and updating of the documentation of risks, identify and assess risks in their areas, and contribute to risk mitigation. 30. External contractual parties who act as agents for IFAD, such as cooperating institutions and the custodian bank, have an obligation to fulfil their contractual responsibilities including the safeguarding of IFAD s assets, where relevant. 31. The external auditor plays an important role in assessing the effectiveness of risk management as part of its risk-based audit approach. 4

VI. Benefits 32. The key anticipated benefits of the ERM policy will be to: Enhance the effective achievement of the Fund s objectives through risk mitigation; Protect the interests of, and build value for, IFAD s stakeholders, permitting them to have increased confidence in IFAD s corporate governance and ability to deliver; Provide assistance to decision-making and planning, and improve their quality; Assist in safeguarding the Fund s assets including people, finances, property and reputation; and Enable the Fund to turn threats into opportunities to achieve its objectives and accomplish its mission. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information